On 02/04/2010 11:22 AM, Leif Thuresson wrote:
> Is there a "recommended" way to set up access for privileged admin tasks with
> sudo?
> In Dominick Grift's blog article
> http://selinux-mac.blogspot.com/2009/06/selinux-lockdown-part-seven-su-newrole.html
> the user assigned the webadm_r role gets a sudo access with match "ALL"
> so in this example you trust SELinux solely to protect the system from
> unauthorized access.
> Is this the way you would normally do it on a production machine?
> If you make the sudoers rules more specific for the actual commands the
> admin user needs to run
> you will gain some initial lock-down from sudo, but at the expense of the
> sudoers file
> requiring significantly more maintenance.
> Administrators generally like scripting to automate tasks, but by allowing a
> sub-admin to run a shell with uid=0
> we are again left with only SELinux to prevent unauthorized access.
> Is the general feeling that SELinux in, say, Fedora 12 is mature enough so that
> we can trust that it will protect
> the system from unauthorized access if we allow sub-administrators to run
> scripts as uid=0?
> I see that support for capabilities on files has finally found its way into
> Fedora 12. Is that something that is
> being used to achieve some sort of middle ground between the two
> alternatives I listed above?

If you can achieve your goal with tighter sudo configuration, then by all means use that.

With regard to your other questions, I will be interested in what others' opinions on this are.

> /Leif
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
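An added example, not part of the original thread or of the blog article it cites: a small audit of sudoers text that reports rules where sudo itself restricts nothing (command `ALL` or a shell), so that the SELinux role is the only remaining control, which is the trade-off the question describes. The user names, `webadm_t`, the command paths and the simplified rule grammar are assumptions.

```python
import re

# Constructed sample (not from the thread). The user names, webadm_t and the
# command paths are assumptions; webadm_r is the role named in the question.
SAMPLE = """\
Cmnd_Alias WEB_CMDS = /sbin/service httpd restart, \\
                      /usr/sbin/apachectl configtest
alice ALL=(root) ROLE=webadm_r TYPE=webadm_t ALL
bob   ALL=(root) ROLE=webadm_r TYPE=webadm_t WEB_CMDS
carol ALL=(root) ROLE=webadm_r TYPE=webadm_t /bin/bash
"""

SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh"}
# user  host = (runas)? remainder  -- a simplification of the sudoers grammar
RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.*)$")
SKIP = ("#", "Defaults", "User_Alias", "Host_Alias", "Runas_Alias")

def audit(text):
    """Return (user, command, selinux_role) for each rule in which sudo itself
    restricts nothing: the command is ALL or an interactive shell."""
    aliases, findings = {}, []
    text = re.sub(r"\\\n\s*", " ", text)          # join continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = RULE.match(line)
        if not m or line.startswith(SKIP):
            continue
        user, rest = m.groups()
        role = dict(re.findall(r"\b(ROLE|TYPE)=(\S+)", rest)).get("ROLE")
        # Drop ROLE=/TYPE= and tags such as NOPASSWD:, leaving the command list
        rest = re.sub(r"\b(?:ROLE|TYPE)=\S+\s*|\b[A-Z]+:\s*", "", rest)
        for item in filter(None, map(str.strip, rest.split(","))):
            for cmd in aliases.get(item, [item]):
                prog = cmd.split()[0].rsplit("/", 1)[-1]
                if cmd == "ALL" or prog in SHELLS:
                    findings.append((user, cmd, role))
    return findings

if __name__ == "__main__":
    for user, cmd, role in audit(SAMPLE):
        guard = f"SELinux role {role}" if role else "nothing"
        print(f"{user}: '{cmd}' runs as uid 0; only {guard} limits it")
```

The rule for `bob` is not reported because its alias expands to specific commands, so sudo and the SELinux role both constrain it.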